SearchLight customers can now automatically validate credential alerts via an integration with Okta, drastically reducing the time required to triage.
You may have seen our recent research report, which discovered that there are more than 15 billion credentials exposed online. Since we published that report in June, that number has actually increased by another billion.
I don’t wish to recap our research paper (you can download a copy and read for yourself), but there were two findings that warrant a bit further analysis:
- Two thirds of those credentials were duplicates
- More than 80% of those credentials were in plaintext.
Five questions security teams must answer when triaging credentials
Presented with a batch of employee credentials, security teams are required to ascertain the risk to the company and then take the necessary steps to mitigate impact.
- Has the employee left
- Is this email address actually real, or has it been simply made up
- Is this password the same as for the corporate accounts
- Has this credential pair already been actioned
- Is this a current password?
Given how many duplicate credentials our research team discovered, there’s an awful lot of triage team that is being wasted by traditional approaches.
New validation options
SearchLight customers can now automatically confirm the validity of these credentials automatically, and save precious triage time.
Email and Password Format
The ability to integrate with Okta builds on our already-existing abilities to validate exposed credential pairs by their email and password format. This includes the ability to specify the follow for each domain:
- Minimum length
- Lowercase character
- Uppercase characters
- Contain numbers
Integrate with Okta
Of course, some companies may not have defined password or email formats. Even for those that do, these may be inconsistently applied (for example, the “[email protected]” email may not follow the same as “[email protected]).
That’s why we’ve just released our integration with Okta, which enables SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) users to automatically validate email addresses within their Okta instance. That means that when the alert comes through, users will already have a good idea if that credential needs triaging.
But it doesn’t end there. Users can automatically reject alerts that are invalid, which vastly cuts down on the number of alerts security teams have to triage.
Once this integration has been set-up in the Integrations section of the portal, users can set up validation this up by going to Configure – Risks – Exposed Credential – Automation.
You only triage once
The beauty of this validation is that once you action a credential pair, you can either reset the affected account, or add it to your allowlist in SearchLight. Doing the latter will mean that you will not have to keep on triaging that same credential pair over and over again.
Get in touch to learn more about Digital Shadows (now ReliaQuest)’ integration with Okta, and learn how you can spend less time triaging alerts.